QUESTION 120Your network contains an Active Directory domain named contoso.com.You discover that users can use passwords that contain only numbers.You need to ensure that all the user passwords in the domain contain at least three of the following types of characters:– Numbers– Uppercase letters– Lowercase letters– Special charactersWhat should you do?

A. the Default Domain PolicyB. the local policy on each client computerC. the Default Domain Controllers PolicyD. the local policy on each domain controller

Answer: A

QUESTION 121Your network contains an Active Directory domain named contoso.com.You create a domain security group named Group1 and add several users to it.You need to force all of the users in Group1 to change their password every 35 days. The solution must affect the Group1 users only.What should you do?

A. From Windows PowerShell, run the Set-ADDomain cmdlet, and then run the Set-ADAccountPassword cmdlet.B. Modify the Password Policy settings in a Group Policy object (GPO) that is linked to the domain, and then filter the GPO to Group1 only.C. Create a forms authentication provider, and then set the forms authentication credentials.D. From Active Directory Administrative Center, create a Password Setting object (PSO).

Answer: D

QUESTION 122Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2016. The computer accounts of Server1 and Server2 are in the Computers container.A Group Policy object (GPO) named GPO1 is linked to the domain. GPO1 has multiple computer settings defined and has following the configurations.

An administrator discovers that GPO1 is not applied to Served. GPO1 is applied to Server2. Which configuration possibly prevents GPO1 from being applied to Server1?

A. the permissions on the computer object of Server1B. the permissions on GPO1C. the loopback processing mode in GPO1D. the permissions on the Computers container

Answer: B

QUESTION 123You have an offline root certification authority (CA) named CA1. CA1 is hosted on a virtual machine.You only turn on CA1 when the CA must be patched or you must generate a key for subordinate CAs.You start CA1, and you discover that the filesystem is corrupted.You resolve the file system corruption and discover that you must reload the CA root from a backup.When you attempt to run the Restore-CARoleService cmdlet, you receive the following error message: “The process cannot access the file because it is being used by another process.”

QUESTION 124A technician named Tech1 is assigned the task of joining the laptops to the domain. The computer accounts of each laptop must be in an organizational unit (OU) that is associated to the department of the user who will use that laptop. The laptop names must start with four characters indicating the department followed by a four-digit numberTech1 is a member of the Domain Users group only. Tech1 has the administrator logon credentials for all the laptops.You need Tech1 to join the laptops to the domain. The solution must ensure that the laptops are named correctly, and that the computer accounts of the laptops are in the correct OUs.Solution: You script the creation of files for an offline domain join, and then you give the files to Tech1.You instruct Tech1 to sign in to each laptop, and then to run djoin.exe.Does this meet the goal?

A. YesB. No

Answer: A

QUESTION 125Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each question presents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.Start of repeated scenario.Your network contains an Active Directory domain named contoso.com. The domain contains a single site named Site1. All computers are in Site1.The Group Policy objects (GPOs) for the domain are configured as shown in the exhibit.(Click the Exhibit button.)

The relevant users and client computer in the domain are configured as shown in the following table.

You are evaluating what will occur when you set User Group Policy loopback processing mode to Replace in A4.Which GPO or GPOs will apply to User2 when the user signs in to Computer1 after loopback processing is configured?

QUESTION 127You are deploying a web application named WebApp1 to your internal network. WebApp1 is hosted on a server named Web1 that runs Windows Server 2016.You deploy an Active Directory Federation Services (AD FS) infrastructure and a Web Application Proxy to provide access to WebApp1 for remote users.You need to ensure that Web1 can authenticate the remote users.What should you do?

QUESTION 128You have an internal web server that hosts websites. The websites use HTTP and HTTPS.You deploy a Web Application Proxy to your perimeter network.You need to ensure that users from the Internet can access the websites by using HTTPS only. Internet access to the websites must use the Web Application Proxy.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. From the Remote Access Management Console, publish the websites. Configure pass- through authentication and select Enable HTTP to HTTPS redirection.B. Configure the Web Application Proxy to perform preauthentication by using Oauth2.C. On external DNS name servers, create DNS entries that point to the private IP address of the web server.D. From the web server, enable HTTP Redirect on the Web Application Proxy server.E. On external DNS name servers, create DNS entries that point to the public IP address of the Web Application Proxy.

Answer: AE

QUESTION 129Your network contains an Active Directory forest. The forest contains a domain named contoso.com. The domain contains three domain controllers.A domain controller named lon-dc1 fails. You are unable to repair lon-dc1.You need to prevent the other domain controllers from attempting to replicate to lon-dc1.Solution: From Active Directory Sites and Services, you remove the object of lon-dc1.Does this meet the goal?

A. YesB. No

Answer: B

QUESTION 130Your network contains an Active Directory domain named adatum.com. The domain contains a security group named G_Research and an organizational unit (OU) named OU_Research.All the users in the research department are members of G_Research and their user accounts are in OU_Research.You need to ensure that all the research department users change their password every 28 days and enforce a complex password that is 12 characters long.What should you do?

A. From Group Policy Management, create and link a Group Policy object (GPO) to OU Research. Modify the password policy in the GPO.B. From Active Directory Administrative Center, create a new Password Settings object (PSO).C. From Active Directory Users and Computers, modify the properties of the Password Settings Container.D. From Group Policy Management, create and link a Group Policy object (GPO) to the domain. Modify the password policy in the GPO. Filter the GPO to apply to G_Research only.